Description:
A vulnerability was reported in Microsoft Windows in the Graphics Rendering Engine. A remote user can execute arbitrary code on the target system. A remote user can also cause denial of service conditions.

The Windows Graphic Rendering Engine contains a buffer overflow in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats [CVE-2005-2123]. A remote user can create a specially crafted file that, when processed by the target user, will execute arbitrary code on the target user's system. The code will run with System level privileges.

A separate buffer overflow exists in the rendering of Windows Metafile (WMF) image formats [CVE-2005-2124]. Arbitrary code can be executed.

A separate buffer overflow exists in the rendering of Enhanced Metafile (EMF) image formats [CVE-2005-0803]. A remote user can cause the target application to crash. This vulnerability is currently being exploited in the wild [at the time of this entry.]